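/*
 * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
import java.util.Arrays;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

/*
 * @test
 * @bug 8234728
 * @library /javax/net/ssl/templates
 *          /javax/net/ssl/TLSCommon
 *          /lib/security
 * @summary Test TLS ciphersuites order.
 *      Parameter order: <protocol> <client cipher order> <server cipher order>
 * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED default
 * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED default
 * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED UNORDERED
 * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED ORDERED
 * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED default
 * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED default
 * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED UNORDERED
 * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED ORDERED
 * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED default
 * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED default
 * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED UNORDERED
 * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED ORDERED
 * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED default
 * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED default
 * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED UNORDERED
 * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED ORDERED
 */

/**
 * Checks that the cipher-suite order passed to
 * {@code setEnabledCipherSuites} is the order later reported by
 * {@code getEnabledCipherSuites} on the connected socket, for the client and
 * the server side independently.
 *
 * <p>Scope of the check: only the <em>enabled</em> list is compared. The
 * suite that the handshake actually negotiates is not inspected here, so
 * this class does not by itself show which peer's preference wins.
 *
 * <p>A side whose order argument is {@code default} keeps the provider's
 * default suites and is not verified.
 */
public class TLSCipherSuitesOrder extends SSLSocketTemplate {

    private static final String USAGE = "Usage: TLSCipherSuitesOrder "
            + "<protocol> <client cipher order> <server cipher order>";

    private final String protocol;
    private final String[] servercipherSuites;
    private final String[] clientcipherSuites;

    /**
     * Runs one client/server exchange for the requested combination.
     *
     * @param args {@code <protocol> <client cipher order>
     *             <server cipher order>}; the protocol is a {@link PROTOCOL}
     *             constant name, each order is {@code ORDERED},
     *             {@code UNORDERED} or {@code default}
     * @throws IllegalArgumentException if fewer than three arguments are
     *         given or the protocol name is not a {@link PROTOCOL} constant
     * @throws RuntimeException wrapping any failure of the run, including an
     *         unrecognised order argument
     */
    public static void main(String[] args) {
        // Fail with a usable message instead of an index error when a
        // @run line is incomplete.
        if (args.length < 3) {
            throw new IllegalArgumentException(USAGE);
        }
        PROTOCOL protocol = PROTOCOL.valueOf(args[0]);
        try {
            new TLSCipherSuitesOrder(protocol.getProtocol(),
                    protocol.getCipherSuite(args[1]),
                    protocol.getCipherSuite(args[2])).run();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * @param protocol           protocol name given to
     *                           {@code setEnabledProtocols}
     * @param clientcipherSuites client suites in the order under test, or
     *                           {@code null} to keep the defaults
     * @param servercipherSuites server suites in the order under test, or
     *                           {@code null} to keep the defaults
     */
    private TLSCipherSuitesOrder(String protocol, String[] clientcipherSuites,
            String[] servercipherSuites) {
        // Re-enable protocol if it is disabled.
        // TLSv1 and TLSv1.1 are legacy protocols; this relaxation is meant
        // for the test only. Every @run line uses main/othervm, i.e. a JVM
        // of its own per run.
        if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
            SecurityUtils.removeFromDisabledTlsAlgs(protocol);
        }
        this.protocol = protocol;
        this.clientcipherSuites = clientcipherSuites;
        this.servercipherSuites = servercipherSuites;
    }

    // NOTE(review): the original comment here read "Servers are configured
    // before clients, increment test case after."; this class keeps no
    // test-case counter, so only the ordering remark can still apply.

    /**
     * Pins the client socket to the protocol under test and, when an order
     * was requested, to the client suite list.
     */
    @Override
    protected void configureClientSocket(SSLSocket socket) {
        socket.setEnabledProtocols(new String[]{protocol});
        if (clientcipherSuites != null) {
            socket.setEnabledCipherSuites(clientcipherSuites);
        }
    }

    /**
     * Pins the server socket to the protocol under test and, when an order
     * was requested, to the server suite list.
     */
    @Override
    protected void configureServerSocket(SSLServerSocket serverSocket) {
        serverSocket.setEnabledProtocols(new String[]{protocol});
        if (servercipherSuites != null) {
            serverSocket.setEnabledCipherSuites(servercipherSuites);
        }
    }

    /**
     * Verifies the server-side enabled suite order, then runs the template's
     * server application.
     *
     * @throws RuntimeException if the reported order differs from the one
     *         that was configured
     */
    @Override
    protected void runServerApplication(SSLSocket socket) throws Exception {
        verifyOrder("SERVER", "server", servercipherSuites, socket);
        super.runServerApplication(socket);
    }

    /**
     * Verifies the client-side enabled suite order, then runs the template's
     * client application.
     *
     * @throws RuntimeException if the reported order differs from the one
     *         that was configured
     */
    @Override
    protected void runClientApplication(SSLSocket socket) throws Exception {
        verifyOrder("CLIENT", "client", clientcipherSuites, socket);
        super.runClientApplication(socket);
    }

    /**
     * Logs and compares the configured suite list with the list the socket
     * reports as enabled. Does nothing when no order was configured.
     */
    private static void verifyOrder(String logTag, String side,
            String[] configured, SSLSocket socket) {
        if (configured == null) {
            return;
        }
        String[] enabled = socket.getEnabledCipherSuites();
        System.out.printf("%s: setEnabledCipherSuites:%s - "
                + "getEnabledCipherSuites:%s%n",
                logTag,
                Arrays.toString(configured),
                Arrays.toString(enabled));
        // Arrays.equals is position-sensitive, which is what makes this an
        // order check and not a set-membership check.
        if (!Arrays.equals(configured, enabled)) {
            throw new RuntimeException(
                    "Unmatched " + side + " side CipherSuite order");
        }
    }

    /**
     * Protocol under test together with the same two cipher suites in two
     * different orders ("ORDERED" and "UNORDERED").
     */
    enum PROTOCOL {
        TLSv13("TLSv1.3",
                new String[]{
                    "TLS_AES_256_GCM_SHA384",
                    "TLS_AES_128_GCM_SHA256"},
                new String[]{
                    "TLS_AES_128_GCM_SHA256",
                    "TLS_AES_256_GCM_SHA384"}),
        TLSv12("TLSv1.2",
                new String[]{
                    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
                new String[]{
                    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}),
        TLSv11("TLSv1.1",
                new String[]{
                    "TLS_RSA_WITH_AES_256_CBC_SHA",
                    "TLS_RSA_WITH_AES_128_CBC_SHA"},
                new String[]{
                    "TLS_RSA_WITH_AES_128_CBC_SHA",
                    "TLS_RSA_WITH_AES_256_CBC_SHA"}),
        TLSv1("TLSv1",
                new String[]{
                    "TLS_RSA_WITH_AES_256_CBC_SHA",
                    "TLS_RSA_WITH_AES_128_CBC_SHA"},
                new String[]{
                    "TLS_RSA_WITH_AES_128_CBC_SHA",
                    "TLS_RSA_WITH_AES_256_CBC_SHA"});

        private final String protocol;
        private final String[] orderedCiphers;
        private final String[] unOrderedCiphers;

        PROTOCOL(String protocol, String[] orderedCiphers,
                String[] unOrderedCiphers) {
            this.protocol = protocol;
            this.orderedCiphers = orderedCiphers;
            this.unOrderedCiphers = unOrderedCiphers;
        }

        /** Returns the protocol name as used by {@code setEnabledProtocols}. */
        public String getProtocol() {
            return protocol;
        }

        /** Returns a copy of the "ORDERED" suite list. */
        public String[] getOrderedCiphers() {
            // Copy so a caller cannot alter the constant's own array.
            return orderedCiphers.clone();
        }

        /** Returns a copy of the "UNORDERED" suite list. */
        public String[] getUnOrderedCiphers() {
            return unOrderedCiphers.clone();
        }

        /**
         * Maps an order argument to the suite list to enable.
         *
         * @param order {@code ORDERED}, {@code UNORDERED} or {@code default}
         * @return the matching suite list, or {@code null} for
         *         {@code default} (keep the provider defaults, no check)
         * @throws IllegalArgumentException for any other value; previously
         *         such a value was treated like {@code default}, so a
         *         mistyped argument disabled the order check and the run
         *         still passed
         */
        public String[] getCipherSuite(String order) {
            switch (order) {
                case "ORDERED":
                    return getOrderedCiphers();
                case "UNORDERED":
                    return getUnOrderedCiphers();
                case "default":
                    return null;
                default:
                    throw new IllegalArgumentException(
                            "Unknown cipher order: " + order);
            }
        }
    }
}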